Daily Archives: March 1, 2019

Cybersecurity is about people. The frontline defenders who stand between the promise of digital transformation and the daily reality of cyber-attacks need our help. At Microsoft, we’ve made it our mission to empower every person and organization on the planet to achieve more. Today that mission is focused on defenders. We are unveiling two new cloud-based technologies in Microsoft Azure Sentinel and Microsoft Threat Experts that empower security operations teams by reducing the noise, false alarms, time consuming tasks and complexity that are weighing them down. Let me start by sharing some insight into the modern defender experience.

Every day Microsoft security professionals help organizations respond to threats at scale and through targeted incident response. In one recent example from the latest Security Intelligence Report, Microsoft experts were called in to help several financial services organizations deal with attacks launched by a state-sponsored group that had gained administrative access and executed fraudulent transactions, transferring large sums of cash into foreign bank accounts. When the attack group realized they had been detected, they rapidly deployed destructive malware that crippled the customers’ operations for several days. Microsoft experts were on site within hours, working around the clock with the customers’ security teams to restore normal business operations.

Incidents like this are a reminder that many defenders are overwhelmed by threats and alerts – often spending their days chasing down false alarms instead of investigating and solving complex cases. Compounding the problem is a critical shortage of skilled cyber defenders, with an estimated shortfall of 3.5 million security professionals by 2021. With today’s announcements we are unlocking the power of the cloud and AI for security to do what they do best—reason over vast amounts of security signal, spot anomalies and bring global scale to highly trained security professionals.

Too many enterprises still rely on traditional Security Information and Event Management (SIEM) tools that are unable to keep pace with the needs of defenders, volume of data or the agility of adversaries. The cloud enables a new class of intelligent security technologies that reduce complexity and integrate with the platforms and productivity tools you depend on. Today we are pleased to announce Microsoft Azure Sentinel, the first native SIEM within a major cloud platform. Azure Sentinel enables you to protect your entire organization by letting you see and stop threats before they cause harm. With AI on your side it helps reduce noise drastically—we have seen an overall reduction of up to 90 percent in alert fatigue with early adopters. Because it’s built on Azure you can take advantage of nearly limitless cloud speed and scale and invest your time in security and not servers. In just a few clicks you can bring in your Microsoft Office 365 data for free and combine it with your other security data for analysis.

Azure Sentinel is the product of Microsoft’s close partnership with customers on their journey to digital transformation. We worked hand in hand with dozens of customers and partners to rearchitect a modern security tool built from the ground up to help defenders do what they do best – solve complex security problems. Early adopters are finding that Azure Sentinel reduces threat hunting from hours to seconds.

Corey McGarry, Senior Technical Specialist, Enterprise Operations, Tolko Industries, Ltd., told me, “After using Microsoft Azure Sentinel for six months, it has become a go-to resource every morning. We get a clear visual of what’s happening across our network without having to check all our systems and dashboards individually. I haven’t seen an offering like Microsoft Azure Sentinel from any other company.”

Azure Sentinel supports open standards such as Common Event Format (CEF) and broad partner connections, including Microsoft Intelligent Security Association partners such as Check Point, Cisco, F5, Fortinet, Palo Alto Networks and Symantec, as well as broader ecosystem partners such as ServiceNow. You can even bring your own insights and collaborate with a diverse community of defenders. Azure Sentinel blends the insights of Microsoft experts and AI with the unique insights and skills of your own in-house defenders and machine learning tools to uncover the most sophisticated attacks before they take root. Azure Sentinel helps empower SecOps teams to keep their organizations safe by harnessing the power, simplicity and extensibility of Azure to analyze data from Microsoft 365 and security solutions from other vendors. Azure Sentinel is available in preview today from the Azure portal.

Our approach to security is not only about applying the cloud and AI to your scale challenges, but also making the security operations experts who defend our cloud available to you. Therefore, we are pleased to announce Microsoft Threat Experts, a new service within Windows Defender ATP which provides managed hunting to extend the capability of your security operations center team. Through this service, Microsoft will proactively hunt over your anonymized security data for the most important threats, such as human adversary intrusions, hands-on-keyboard attacks, and advanced attacks like cyberespionage—helping your team prioritize the most important risks and respond quickly. The service also provides world-class expertise on demand. With the new “Ask a Threat Expert” button, your security operations team can submit questions directly in the product console. To join the public preview of Microsoft Threat Experts, apply in the Windows Defender ATP settings.

There are no easy answers or silver bullets for security, however the cloud is unlocking new capabilities. This is why we are putting the cloud and AI to work to extend and empower the defenders whose unique human insights are key to avoiding cyber threats. Azure Sentinel and Microsoft Threat Experts are two new capabilities that join our broad portfolio of security solutions across identity, endpoints, data, cloud applications and infrastructure. We look forward to showcasing Azure Sentinel and Microsoft Threat Experts at the RSA Conference next week and encourage you to stop by the Microsoft booth on the main show floor or any of our compelling sessions to learn more.

Threat actors can use firmware attacks on bare-metal cloud servers to easily gain persistent access to the hardware, according to new research from hardware security startup Eclypsium.

The research showed how vulnerabilities in baseboard management controllers (BMCs) and weaknesses in the reclamation process of bare-metal cloud servers can allow attackers to add other malicious implants that can persist and steal data. Eclypsium researchers tested the attack scenario on IBM’s SoftLayer cloud services and found the vulnerability, which it calls Cloudborne, existed on SoftLayer’s bare-metal services. But Eclypsium said such firmware attacks are almost certainly possible on other cloud services.

“This is an industrywide issue, rather than just an IBM issue,” said John Loucaides, vice president engineering at Eclypsium, based in Beaverton, Ore. “IBM is a case study, but IBM is certainly big enough that they have real security teams that are doing this sort of research, and they were able to miss this. That means all the other folks are capable of missing this, as well.”

Eclypsium researchers claimed the firmware attacks are easy to execute and don’t require any sort of significant hacking skills. Cloudborne can affect premium cloud services and leave customers open to a variety of threats, including implanted backdoors, the research claimed.

“Bare-metal offers you a lot of interesting capabilities, and you would think, because it gives you more control, it would give you a stronger security posture. But what we found was that, in fact, it gives the adversary [or] the attacker more control, as well,” Loucaides said. “This type of attack is something that could apply both to bare-metal cloud and regular cloud, but the obvious application is on bare-metal, where you have direct access to the hardware.”

As bare-metal cloud offerings are used for sensitive applications, bare-metal hardware is dedicated to one customer at a time. As deployments end, hardware is reclaimed by the cloud service provider and is reprovisioned to the next customer. With hardware vulnerable to Cloudborne, threat actors can make simple changes to the firmware.

With multiple tenants using the same resources over time, Loucaides said, cloud providers need to sanitize those resources in between giving them from one user to another.

“What we found [in our research] was that they were missing the sanitization of the firmware components, and that leaves you vulnerable to attacks,” he said.

When dealing with bare-metal clouds, Loucaides suggested the simple thing to do would be to just reinstall or update the firmware image of the different components, particularly the BMC.

“The BMC provides the out-of-band management interface. So, it has a lot of power over the system, and it’s one of the critical components that you would want to make sure that you bring back to a known state in between de-provisioning a system from one user and provisioning it to another,” Loucaides added.

IBM SoftLayer case study

To test these firmware attacks, Eclypsium researchers rented a bare-metal server from IBM’s SoftLayer cloud services. Researchers also noticed the server was using a BMC from Supermicro, a hardware vendor with known firmware vulnerabilities.

After confirming it had the latest BMC firmware available, researchers recorded the chassis and product serial numbers to help them identify the system later. The research team then made a “benign change” to the BMC firmware in the form of a single bit flip. An additional user account in the BMC’s IPMI was also created before releasing the server back to IBM.

Researchers then reacquired the same piece of hardware and found that while the additional IPMI user was removed, the BMC firmware containing the flipped bit was still present.


This indicated the servers’ BMC firmware was not reflashed during the server reclamation process, according to the research. The combination of using vulnerable hardware and not reflashing the firmware makes it possible to implant malicious code into the server’s BMC firmware, researchers concluded.

Researchers also noticed BMC logs were retained across provisioning, and the BMC root password remained the same across provisioning.

“If you look at the capabilities that this offers you, it offers you a way to persist a piece of malware from one tenant to another,” Loucaides said. “The obvious things that a hacker will want to do will include stealing data and exfiltrating some secret information from the other tenant. Another interesting one is the idea of providing a substantial disruption to the infrastructure by effectively bringing down those machines. If you have access at this firmware layer, you can permanently ‘brick’ a machine.”

Loucaides suggested customers and cloud service providers should ensure security at the firmware level. For example, just monitoring that layer is very useful, he said.

“Even if you don’t take action, like deliberately installing a particular firmware version, just checking to see if something changed is a good mechanism to know whether or not you might have a problem,” he said.

Loucaides emphasized that Cloudborne can affect many cloud providers and should not be considered limited to IBM SoftLayer. He said there are a lot of smaller players that are going to have a much harder time dealing with this and understanding this.

IBM has responded to this vulnerability by forcing all BMCs, including those that are already reporting up-to-date firmware, to be reflashed with factory firmware before they are reprovisioned to other customers, according to a company blog post. All logs in the BMC firmware were erased, and all passwords to the BMC firmware were regenerated, the post added.
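The change check Loucaides describes, applied to the gaps the research reported and the remediation IBM listed, as an added example (not code from Eclypsium, IBM or the original article): it compares a BMC snapshot taken after reclamation with a known-good firmware image and with the snapshot taken at release. The snapshot fields, account names, digests and image bytes are constructed, and how the values are read from a real BMC is left outside the example.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class BmcSnapshot:
    """State read from a BMC at one point in time (field names are assumptions)."""
    firmware: bytes       # firmware image as read back from the BMC
    users: frozenset      # IPMI account names
    log_entries: int      # number of entries in the BMC event log
    root_pw_digest: str   # digest of the root credential, never the password


def first_flipped_bit(golden: bytes, observed: bytes):
    """Return (byte_offset, bit_index) of the first differing bit, else None."""
    for offset, (g, o) in enumerate(zip(golden, observed)):
        if g != o:
            diff = g ^ o
            return offset, (diff & -diff).bit_length() - 1  # lowest set bit
    if len(golden) != len(observed):
        return min(len(golden), len(observed)), None  # size mismatch only
    return None


def audit_reclaim(golden, at_release, after_reclaim, allowed_users):
    """Report every way the reclaimed BMC differs from a clean, known state."""
    findings = {}
    if hashlib.sha256(after_reclaim.firmware).digest() != hashlib.sha256(golden).digest():
        findings["firmware-not-golden"] = first_flipped_bit(golden, after_reclaim.firmware)
    extra = after_reclaim.users - allowed_users
    if extra:
        findings["unexpected-users"] = sorted(extra)
    if after_reclaim.log_entries:
        findings["logs-retained"] = after_reclaim.log_entries
    if after_reclaim.root_pw_digest == at_release.root_pw_digest:
        findings["root-password-unchanged"] = True
    return findings


def digest(secret: str) -> str:
    return hashlib.sha256(secret.encode()).hexdigest()


# Constructed sample data: a 4 KiB stand-in image and one flipped bit.
GOLDEN = bytes(range(256)) * 16
tampered = bytearray(GOLDEN)
tampered[0x1A3] ^= 0x08  # single bit flip, as in the research's benign change
ALLOWED = frozenset({"provider-admin"})  # constructed account name

AT_RELEASE = BmcSnapshot(bytes(tampered),
                         frozenset({"provider-admin", "tenant-extra"}),
                         42, digest("constructed-pw-1"))
# What the article reports after reacquiring the server: the extra user is
# gone, but firmware, logs and root password carried over.
AS_REPORTED = BmcSnapshot(bytes(tampered), ALLOWED, 42, digest("constructed-pw-1"))
# What the remediation described by IBM should produce.
REMEDIATED = BmcSnapshot(GOLDEN, ALLOWED, 0, digest("constructed-pw-2"))

if __name__ == "__main__":
    for name, snap in (("as reported", AS_REPORTED), ("remediated", REMEDIATED)):
        print(name, audit_reclaim(GOLDEN, AT_RELEASE, snap, ALLOWED))
```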

“We are not aware of any client or IBM data being put at risk because of this reported potential vulnerability, and we have taken actions to eliminate the vulnerability,” an IBM spokesperson said. “Given the remediation steps we have taken and the level of difficulty required to exploit this vulnerability, we believe the potential impact to clients is low. While the report focuses on IBM, this was actually a potential industrywide vulnerability for all cloud service providers, and we thank Eclypsium for bringing it to the attention of the industry.”

While IBM categorized this as a “low-severity” issue, Eclypsium said it does not agree with the characterization. “Using CVSS 3.0,” the vendor wrote in its research paper, “we would classify it as 9.3 (critical) Severity.”

On Tuesday, we released a new Windows 10 Preview Build of the SDK to be used in conjunction with Windows 10 Insider Preview (Build 18342 or greater). The Preview SDK Build 18342 contains bug fixes and under-development changes to the API surface area.
The Preview SDK can be downloaded from the developer section on Windows Insider.
For feedback and updates to the known issues, please see the developer forum. For new developer feature requests, head over to our Windows Platform UserVoice.

This build works in conjunction with previously released SDKs and Visual Studio 2017. You can install this SDK and still also continue to submit your apps that target Windows 10 build 1809 or earlier to the Microsoft Store.
The Windows SDK will now formally only be supported by Visual Studio 2017 and greater. You can download the Visual Studio 2017 here.
This build of the Windows SDK will install ONLY on Windows 10 Insider Preview builds.
In order to assist with script access to the SDK, the ISO will also be able to be accessed through the following URL: https://go.microsoft.com/fwlink/?prd=11966&pver=1.0&plcid=0x409&clcid=0x409&ar=Flight&sar=Sdsurl&o1=18342 once the static URL is published.

Message Compiler (mc.exe)

The “-mof” switch (to generate XP-compatible ETW helpers) is considered to be deprecated and will be removed in a future version of mc.exe. Removing this switch will cause the generated ETW helpers to expect Vista or later.
The “-A” switch (to generate .BIN files using ANSI encoding instead of Unicode) is considered to be deprecated and will be removed in a future version of mc.exe. Removing this switch will cause the generated .BIN files to use Unicode string encoding.
The behavior of the “-A” switch has changed. Prior to Windows 1607 Anniversary Update SDK, when using the -A switch, BIN files were encoded using the build system’s ANSI code page. In the Windows 1607 Anniversary Update SDK, mc.exe’s behavior was inadvertently changed to encode BIN files using the build system’s OEM code page. In the 19H1 SDK, mc.exe’s previous behavior has been restored and it now encodes BIN files using the build system’s ANSI code page. Note that the -A switch is deprecated, as ANSI-encoded BIN files do not provide a consistent user experience in multi-lingual systems.

Change to effect graph of the AcrylicBrush

In this Preview SDK we’ll be adding a blend mode to the effect graph of the AcrylicBrush called Luminosity. This blend mode will ensure that shadows do not appear behind acrylic surfaces without a cutout. We will also be exposing a LuminosityBlendOpacity API available for tweaking that allows for more AcrylicBrush customization.
By default, for those that have not specified any LuminosityBlendOpacity on their AcrylicBrushes, we have implemented some logic to ensure that the Acrylic will look as similar as it can to current 1809 acrylics. Please note that we will be updating our default brushes to account for this recipe change.

TraceLoggingProvider.h / TraceLoggingWrite

Events generated by TraceLoggingProvider.h (e.g. via TraceLoggingWrite macros) will now always have Id and Version set to 0.
Previously, TraceLoggingProvider.h would assign IDs to events at link time. These IDs were unique within a DLL or EXE, but changed from build to build and from module to module.

Removals:
Note: The following recent removals have been made since earlier flights.

I’m hunting for one for my other half and her photography business. Unlikely people will be moving these on just yet but thought I’d see.

Cheers

Location: Thame | Oxfordshire

______________________________________________________

This message is automatically inserted in all classifieds forum threads.

By replying to this thread you agree to abide by the trading rules detailed here.

Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

Landline telephone number. Make a call to check out the area code and number are correct, too

Name and address including postcode

Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Western Digital is adding two NVMe SSDs designed for read-intensive workloads in public and private clouds, hyperscalers and edge deployments.

The enterprise-class Western Digital SSDs launched today are the first in the vendor’s NVMe data center product line with denser, 64-layer 3D NAND flash technology and new, internally developed controller technology. The 2.5-inch Ultrastar DC SN630 SSD will ship at capacities ranging from 960 GB to 7.68 TB, and the lower end CL SN720 is available from 256 GB up to 2 TB in a gumstick-shaped M.2 form factor.

The latest Western Digital SSDs arrive as the HDD giant tries to increase its share of the enterprise SSD market. Western Digital shipped less than 10% of the NVMe SSDs in 2018, while industry leaders Samsung and Intel combined for 69% of the market, according to Jeff Janukowicz, an IDC analyst.

Janukowicz said the ultralow-latency NVMe technology represented the majority of the SSD capacity shipped into enterprise data centers in the second half of 2018. NVMe has moved into the mainstream after starting out in niche environments or high-performance applications, he said.

NVMe-based PCI Express (PCIe) SSDs accounted for about 40% of the enterprise SSD market in 2018, with slower SATA SSDs at 31% and SAS SSDs at 29%, according to market research firm Forward Insights. Forward Insights forecasts that NVMe-based PCIe SSDs will command 60% of the market by early 2019, with SAS at 25% and SATA at 15%.

Forward Insights analyst Greg Wong said hyperscale data centers are replacing SATA drives with NVMe SSDs, and OEMs are also moving to NVMe drives. He predicted that new all-flash arrays would gradually transition to dual-ported NVMe SSDs in place of SAS SSDs.

NVMe PCIe, SAS and SATA enterprise SSD market share

Driving the transition from SATA to NVMe is the shift from traditional applications to scale-out, cloud-based applications that have millions of users accessing them, said Clint Ludeman, Western Digital’s senior product marketing manager for data center devices.

“All of a sudden latency is important. You don’t want to wait when you go on the web. You want the response to be more instant. And you’ve got thousands of users at a time wanting it to be instant, so you have to be able to scale,” he said.

Ludeman said HDDs were fine for applications with small data sets, delivering milliseconds of latency, but the new cloud-based applications handling billions of transactions require microsecond latency. NVMe SSDs offer four or five times the throughput of 6 Gbps SATA SSDs and 12 Gbps SAS SSDs, he said.

New Western Digital SSDs boost performance

Western Digital claims its new 1.92 TB Ultrastar DC SN630 NVMe SSD can boost IOPS by more than three times over legacy SATA SSDs with mixed workloads of roughly 70% data reads and 30% writes. The SN630, which is due to be broadly available in April, also offers higher performance than its predecessor SN620 model that used 2D NAND flash, Ludeman said.

The SN630 targets both mixed and read-intensive workloads, including software-defined and object storage applications, virtualization using hyper-converged infrastructure, hyperscale and cloud services, NoSQL databases, media streaming and IoT use cases.

The SN630 SSD will support two drive writes per day (DWPD) at capacities ranging from 800 GB to 6.4 TB for mixed read/write workloads. With more heavily read-intensive workloads, the SN630 will support 0.8 DWPD at capacities ranging from 960 GB to 7.68 TB.

“You trade off endurance for capacity,” Ludeman said.

Western Digital labels the lower end CL SN720 as a “very read-intensive” SSD at 0.3 maximum DWPD. Ludeman said the M.2 SSD would perform better with sequential rather than random writes. The SN720 SSD is designed to boot server operating systems and store data in edge servers, content delivery networks, cloud gaming and IoT platforms and gateways.

The gumstick-shaped SN720 SSD in the low-power M.2 form factor holds fewer NAND flash chips than the U.2-based SN630 SSD that can store more data and fit into the same drive bays as standard 2.5-inch SAS and SATA HDDs and SSDs.

Gumstick-shaped M.2 Western Digital CL SN720 is available with capacities from 256 GB to 2 TB.

The portfolio of NVMe-based Western Digital SSDs also includes the DC SN200 at 1 to 3 DWPD for caching and compute-intensive workloads and the DC ME200 Memory Extension Drive at 10 or more DWPD for write-intensive workloads, such as in-memory databases, ERP systems and financial applications.

But the new M.2 SN720 and the U.2 SN630 are the only enterprise NVMe-based Western Digital SSDs to use in-house controller technology. Ludeman said the development of the new controllers — which are different for each of the two drives — shows Western Digital’s long-term commitment to the NVMe SSD category and would ease the addition of new features in future products.

“We’re able to control those features because we control the entire stack,” he said.

Because Western Digital produces its own flash chips, firmware and controllers, Ludeman said, it would be able to quickly transition from 64-layer 3D NAND to denser 96-layer 3D NAND and new SSD form factors such as ruler-shaped drives. Ruler-shaped enterprise and data center small form factor drives will have the advantage of being hot swappable, unlike the smaller, more power-constrained M.2 SSDs, Ludeman said.

..NUC and memory from eBuyer, SSD from Amazon. All purchased new late November 2018. Boxed and immaculate. Currently £1025 new.

Pics to follow

Price and currency: 825
Delivery: Delivery cost is included within my country
Payment method: PPG or BT please
Location: Worthing
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I have no preference
